1. This Privacy Notice (the “Notice”) sets out how we, Ryecroft Glenton, with head office at 32 Portland Terrace, Newcastle Upon Tyne, NE2 1QP and our associated offices from time to time (collectively “Ryecroft Glenton”, “we”, “us”, “our”) process the personal data of individuals (each a “User”, “you”, “your”) who contact us, whose details we process on behalf of our clients in connection with our client services (“Client Services”), whose details we process in our capacity as an employer (“Employer”) or who use our websites, services, applications, content and related features (collectively, the “Website”).

2. If you have any questions about this Notice, please contact us by email at privacy@ryecroftglenton.com.

3. This notice, together with our Website Terms and any other documents referred to in these documents, sets out our views and practices regarding your personal data and how we will treat it. Please read these documents carefully. Where this notice is referred to in our client services documentation or our employer documentation, by reading this notice and signing said documentation you acknowledge and agree to the processing of your personal data in accordance with this notice. By visiting our website, you acknowledge the processing described in this Notice, our Website Terms and related documents.

4. We will let you know, by posting on our website or otherwise, if we make any changes to this Notice from time to time. Your continued use of our services, maintenance of your employment status, the continued use of the Website or your continued dealing with us after we have notified you of such changes will amount to your acknowledgement of the amended Notice.

5. This version of our privacy notice was published in July 2019.

What is personal data?

6. “Personal data” means any information relating to an identified or identifiable natural person, known as ‘data subject’, who can be identified directly or indirectly; it may include name, address, email address, phone number, IP address, location data, cookies, a recording of your call with us and similar information. It may also include “special categories of personal data” such as racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a data subject, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Where do we source personal data from?

7. We collect personal data from the following sources:

a. Information provided by you. You may give us information about you by, for example, subscribing to services, such as email updates, making applications in respect of job postings, corresponding with us by e-mail, phone or otherwise, filling in forms such as the contact form on our website.

b. Information about others. You may also provide to us personal data relating to third parties, such as people who you work with, or your referees. As an employee you may also provide us with personal data relating to family, medical providers, or potential employee’s clients. Information about third parties should only be provided if you have demonstrable permission to do so or if the information is available in the public domain.

c. Information processed on behalf of our clients as detailed in our engagement letter. Where we provide services to our clients, we will process personal data as a data processor on behalf of the client, the data controller, or, where required and with the client’s agreement, we will process data as a data controller. Such processing will be in accordance with any privacy notice provided to you by the client or by us on the client’s behalf or by us on our behalf. The processing may include interacting with data subjects (via phone, fax or electronically) on queries that relate to our services or contractual obligations from time to time.

d. Information from third party sources. This may include information about you received from credit reference agencies, our service providers and other third parties.

e. Information about your device. With regard to each visit to our website we may collect technical information about your device such as IP address, operating system, browser, time zone setting, the Internet address of the website from which you linked directly to our website, URL clickstream data, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.

8. Generally, you are under no obligation to provide this information, but without it, we may be unable to provide you with the full range of services that we provide to our clients, meet our employment obligations or some of our Website content and services.

9. We will rely on the information provided by you as accurate, complete and up to date and you agree to ensure that this will be the case.

What personal data do we process?

10. We collect personal data in the following main areas:

  • Ryecroft Glenton Client Services
  • Ryecroft Glenton Business Operations

In all cases we collect the minimum personal data necessary for us to meet our contractual / legal obligations to clients, employees and site visitors. To view the types and categories of personal data we collect, select the relevant area to expand the list:

Ryecroft Glenton Client Services

Clients / Contacts / 3rd Parties Personal Data Inventory

Data Item | Lawful Basis | Business Areas
Name (full) | Contracted service; Consent / Legitimate Interest | Personal Tax; Corporate Tax; Client Payroll; Corporate Finance; Personal Finance; Account services; Marketing / Event Management
Job title | Contracted service; Consent / Legitimate Interest | Personal Tax; Corporate Tax; Client Payroll; Corporate Finance; Personal Finance; Account services; Marketing / Event Management
Address | Contracted service; Consent / Legitimate Interest | Personal Tax; Corporate Tax; Client Payroll; Corporate Finance; Personal Finance; Account services; Marketing / Event Management
Email | Contracted service; Consent / Legitimate Interest | Personal Tax; Corporate Tax; Client Payroll; Corporate Finance; Personal Finance; Account services; Marketing / Event Management
Telephone Number | Contracted service; Consent / Legitimate Interest | Personal Tax; Corporate Tax; Client Payroll; Corporate Finance; Personal Finance; Account services; Marketing / Event Management
Length of service (include all continuous service) | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Proof of identity / Government ID | Contracted service | Personal Tax; Corporate Tax; Client Payroll; Corporate Finance; Personal Finance; Account services
Date of birth | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Age | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Marital Status | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
NI Number | Contracted service | Personal Tax; Corporate Tax; Client Payroll; Corporate Finance; Personal Finance; Account services
Type of contract (Permanent / Temporary / Fixed Term / Casual etc) | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Basic rate of pay / Annual salary | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Overtime rates | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Guaranteed contracted hours | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Number of working days per week | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Start / Finish times | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Details of any shift patterns / allowances | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Absence record | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Holidays dates taken (from / to) | Contracted service | Client Payroll
Holiday pay breakdown | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Overtime pay rates, time and a half / double time | Contracted service | Client Payroll
Details of current sick pay scheme | Contracted service | Client Payroll
Details of company car entitlement or allowance | Contracted service | Client Payroll
Financial details of permanent health, disability, or accident insurance scheme | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Financial details of any private medical health cover | Contracted service | Personal Tax; Personal Finance
Bonus details | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Financial details of commission | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Financial details of life assurance scheme | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Financial details of redundancy arrangements | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Financial details of maternity / paternity / adoption policies | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Number of days parental leave taken | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Financial details of pension scheme | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Financial details of any other benefits / loans / settlements not previously mentioned | Contracted service | Personal Tax; Client Payroll; Personal Finance; Account services
Payment frequency | Contracted service | Client Payroll
Payment method | Contracted service | Client Payroll
Pay review implementation dates | Contracted service | Client Payroll
Financial details of any deductions | Contracted service | Client Payroll

Ryecroft Glenton Business Operations

Data Item | Lawful Basis | Business Area
Contract of employment | Employment law/Contract | HR processes
Name (full) | Employment law/Contract; Health and Safety Legislation | HR processes; Staff Payroll; Health and Safety; IT Systems (RG Int)(RG Ext)(RG Ext CL)
Address | Employment law/Contract; Health and Safety Legislation | HR processes; Staff Payroll; Health and Safety; IT Systems (RG Int)(RG Ext)(RG Ext CL)
Email Business and Personal (HR Only) | Employment law/Contract; Health and Safety Legislation | HR processes; Staff Payroll; Health and Safety; IT Systems (RG Int)(RG Ext)(RG Ext CL)
Telephone Number | Employment law/Contract; Health and Safety Legislation | HR processes; Staff Payroll; Health and Safety; IT Systems (RG Int)(RG Ext)(RG Ext CL)
Job title | Employment law/Contract | HR processes; Staff Payroll; IT Systems (RG Int)(RG Ext)(RG Ext CL)
Fingerprints (Sensitive Biometric) | Consent | HR Processes
Photographs | Consent | Marketing; IT System (RG Int)
Date of commencement | Employment law/Contract | HR processes; Staff Payroll
Length of service (include all continuous service) | Employment law/Contract | HR processes; Staff Payroll
Proof of eligibility to work in the UK | Employment law/Contract | HR processes
Date of birth | Employment law/Contract | HR processes
Age | Employment law/Contract | HR processes
Marital Status | Employment law/Contract | HR processes; Staff Payroll
Next of Kin Details (NOK) | Legitimate Interest / Consent | HR processes
NOK relationship | Legitimate Interest / Consent | HR processes
NI Number | Employment law/Contract | HR processes; Staff Payroll
Type of contract (Permanent / Temporary / Fixed Term / Casual etc) | Employment law/Contract | HR processes; Staff Payroll
Basic rate of pay / Annual salary | Employment law/Contract | HR processes; Staff Payroll
Details of any variation in an individual’s employment terms | Employment law/Contract | HR processes; Staff Payroll
Overtime rates | Employment law/Contract | HR processes; Staff Payroll
Guaranteed contracted hours | Employment law/Contract | HR processes; Staff Payroll
Number of working days per week | Employment law/Contract | HR processes; Staff Payroll
Start / Finish times | Employment law/Contract | HR processes; Staff Payroll
Details of any shift patterns / allowances | Employment law/Contract | HR processes; Staff Payroll
Absence record | Employment law/Contract; Health and Safety Legislation (RIDDOR) | HR processes; Staff Payroll; Health and Safety
Details of any current long-term absence | Employment law/Contract; Health and Safety Legislation (RIDDOR) | HR processes; Staff Payroll; Health and Safety
Notice period (employer) | Employment law/Contract | HR processes
Notice period (employee) | Employment law/Contract | HR processes; Staff Payroll
Annual holiday entitlement | Employment law/Contract | HR processes; Staff Payroll
Number of holidays taken to-date within the current holiday period | Employment law/Contract | HR processes; Staff Payroll
Holiday period (from / to) | Employment law/Contract | HR processes; Staff Payroll
Indication of any future increase in holiday entitlement | Employment law/Contract | HR processes; Staff Payroll
Breakdown of holiday pay | Employment law/Contract | HR processes; Staff Payroll
Are statutory holidays worked or not? | Employment law/Contract | HR processes; Staff Payroll
Details of overtime pay rates, time and a half, double time | Employment law/Contract | HR processes; Staff Payroll
Details of current sick pay scheme | Employment law/Contract | HR processes; Staff Payroll
Details of company car entitlement or allowance | Employment law/Contract | HR processes; Staff Payroll
Details of permanent health, disability, or accident | Health and Safety Legislation | HR processes; Health and Safety
Details of permanent health, disability, or accident insurance scheme | Employment law/Contract | HR processes; Staff Payroll
Details of any private medical health cover | Employment law/Contract | HR processes; Staff Payroll
Bonus details | Employment law/Contract | HR processes; Staff Payroll
Details of commission | Employment law/Contract | HR processes; Staff Payroll
Details of life assurance scheme | Employment law/Contract | HR processes; Staff Payroll
Details of redundancy arrangements | Employment law/Contract | HR processes; Staff Payroll
Details of maternity / paternity / adoption policies | Employment law/Contract | HR processes; Staff Payroll
Details of any current or pending maternity / paternity / adoption leave | Employment law/Contract | HR processes; Staff Payroll
Number of days parental leave taken | Employment law/Contract | HR processes; Staff Payroll
Pension scheme details | Employment law/Contract | HR processes; Staff Payroll
Details of any other benefits / loans / settlements not previously mentioned | Employment law/Contract | HR processes; Staff Payroll
Copies of licences / permits / certificates of competence etc | Employment law/Contract | HR processes
Details of any ongoing personal development agreements / costs | Employment law/Contract | HR processes; Firm Accounting
Payment frequency | Employment law/Contract | HR processes; Staff Payroll
Payment method | Employment law/Contract | HR processes; Staff Payroll
Frequency of pay reviews and date usually applied | Employment law/Contract | HR processes; Staff Payroll
Details of any deductions | Employment law/Contract | HR processes; Staff Payroll
Details of ‘live’ disciplinary sanctions | Employment law/Contract | HR processes
Details of any outstanding employment tribunal claims | Employment law/Contract | HR processes; Firm Accounting
Details of any outstanding personal injury claims | Employment law/Contract | HR processes

 

HR Processes includes processing of information by:

  • Pension Provider
  • Private Medical Provider
  • Life Insurance Provider
  • Permanent Health Insurance Provider
  • External HR Consultant
  • Training Providers
  • Licensing Bodies
  • Insurance Companies (EL / PL / PI etc)
  • General Practitioner
  • Government Departments
  • Online HR application

For details of which applies to you as an employee specifically, please contact the Staff Partner.

Staff Payroll includes processing of information by:

  • HMRC
  • EPayslips
  • Xero
  • Any application as directed by the data controller.

Health and Safety includes processing of information by:

  • The Health and Safety Executive
  • External H&S Consultant
  • Occupational Health Provider

IT Systems includes processing of information by:

  • Ryecroft Glenton IT Department and IT systems (RG Int)
  • 3rd Party application IT departments used to provide services to the firm’s clients (RG Ext CL)
    • i.e. Xero, Sageonline, Caseware, STAR Payroll, Quickbooks etc.
  • 3rd Party application used to provide RG with IT functionality (RG Ext)
    • i.e. Microsoft Office 365, Mimecast, Sophos AntiVirus, TeamViewer etc.

 

How do we use your personal data?

11. We will only process personal data, in accordance with applicable laws, including Data Protection Act 2018, General Data Protection Regulation (2016/679), Privacy and Electronic Communications Regulations (2003) for the following purposes:

a. responding to your queries, requests and other communications, for example, if you send us an enquiry about our client services, you apply for a job, you send us a query about our website or about your personal data we hold;

b. complying with applicable law and relevant professional guidelines, including in response to a lawful request from a court, regulatory body or our professional body.

c. administering our business, including employment rights, complaints resolution, quality control, staff training, research, data analysis, statistical and survey purposes;

d. ensuring the security of our business and preventing and detecting fraud, utilising appropriate risk-based measures to secure and manage access to personal data;

e. providing Client Services, where we process personal data as a data processor in accordance with the instructions of our clients in their capacity as data controllers or as a data controller or any agreed combination based on the services provided in accordance with the client services engagement letter;

f. enabling suppliers, contractors, ACCELERATE, associated firms and service providers to carry out certain functions on our behalf in order to provide specialist services and Website related services, including specialist professional and technical advice, webhosting, data storage, identity verification, IT technical assistance, logistical and other functions, as applicable;

g. sending you personalised marketing communications as permitted by law or as requested by you. If you would like to unsubscribe please email us here;

h. serving personalised advertising to your devices;

i. providing the Website and related online services including our website, content and features;

j. allowing you to use features on our Website and related services, when you choose to do so;

k. developing and improving our Website and related services, troubleshooting of our website, data analysis, testing of new features;

l. carrying out profiling for business administration, recruitment, advertising and other business purposes, such as, for example, analysing User trends to deliver relevant ads to Users’ devices; using recruitment tools that allow us to score those applicants who complete a test and to consider their suitability for specific roles.

 

12. The legal basis for our processing of personal data for the purposes described above will typically include:

a. processing necessary to fulfil a contract that we have in place with you or other data subjects, such as processing for the purposes set out in paragraphs 10(a), (f), (i), (j) and (l);

b. your consent, such as processing for the purposes set out in paragraphs 10(g), (h) and (i);

c. processing necessary for our or a third party’s legitimate interests, such as processing for the purposes set out in paragraphs 10(a), (c), (d), (f), (i) and (k), which is carried out on the basis of our legitimate interests to ensure the security of our business, our Users, the proper administration of our business and our Website and related services are properly provided;

d. processing necessary for compliance with a legal obligation to which we are subject, such as processing for the purposes set out in paragraph 10(b);

e. our agreements with, and instructions provided by, our clients as set out in paragraph 10(e); and

f. any other applicable legal ground from time to time.

Disclosure of personal data

13. There are circumstances where we may wish to disclose or are compelled to disclose your personal data to third parties. These scenarios include disclosure to:

a. our affiliates or associated offices;

b. our suppliers and service providers to facilitate the provision of our Client Services, related services and of the Website, including: IT consultants, recruitment services providers, identity verification partners (in order to verify your identity against public databases), call centres, consultants, webhosting providers, and similar third parties. Where we are acting as data processors we will not transfer personal data to subcontractors, sub processors or 3rd parties that have not been approved by RG and included on our approved suppliers list without prior written permission from you, the data controller;

Approved service suppliers list

Company / Application | Registered Location | Data Categories * | Their GDPR Compliance Statement
Sage | UK, IE | Identification Details; Contact Details; Financial Details; Government IDs | https://www.sage.com/en-gb/legal/privacy-and-cookies/
Payroll Professional (formerly STAR Payroll) | UK – Newcastle Office | Identification Details; Contact Details; Financial Details; Government IDs | https://www.payroll-professional.co.uk/privacy-policy.html
CCH | UK – Newcastle Office | Identification Details; Contact Details; Financial Details; Government IDs | https://www.help.cch.co.uk/002_CCH_Central/General_Data_Protection_Regulation_(GDPR)_in_CCH_Central
CCH OneClick Portal | UK | Identification Details; Contact Details; + secured data contained within individual documents | https://www.help.cch.co.uk/002_CCH_Central/General_Data_Protection_Regulation_(GDPR)_in_CCH_Central
Xero | USA | Identification Details; Contact Details; Financial Details; Government IDs | https://www.xero.com/uk/about/legal/privacy/
Quickbooks | UK | Identification Details; Contact Details; Financial Details; Government IDs | https://quickbooks.intuit.com/eu/privacy-policy/
Caseware | Various – RG hosted in the U | Identification Details; Contact Details; Financial Details; Government IDs | https://www.caseware.co.uk/legal/privacy-policy
MailChimp | USA | Identification Details; Contact Details | https://mailchimp.com/gdpr/ ; https://mailchimp.com/legal/privacy/
Office 365 | Various – RG hosted in IE | Identification Details; Contact Details | https://privacy.microsoft.com/en-us/privacystatement
MimeCast | UK | Identification Details; Contact Details | https://www.mimecast.com/company/mimecast-trust-center/gdpr-center/privacy-statement/
Sophos | USA, UK, Ireland, Germany | Identification Details; Contact Details; IT Data | https://www.sophos.com/en-us/legal/sophos-group-privacy-policy.aspx ; https://www.sophos.com/en-us/legal/sophos-gdpr.aspx
USS Censornet | UK | Identification Details; Contact Details; IT Data | https://www.censornet.com/privacy-policy/
Meraki | Germany | IT Data | https://meraki.cisco.com/support/#policies:privacy ; https://meraki.cisco.com/gdpr
Duo | | Identification Details; Contact Details | https://duo.com/legal/privacy-notice-services
E-Payslip; PayDashboard | UK | Identification Details; Contact Details; Financial Details; Government IDs | https://www.payroll-professional.co.uk/privacy-policy.html ; https://www.paydashboard.com/privacy
Go-Cardless | EU | Identification Details; Contact Details; Financial Details; Government IDs | https://gocardless.com/legal/privacy/ ; https://support.gocardless.com/hc/en-gb/articles/360000281005-GoCardless-and-GDPR
Futrli | UK – EUA | Identification Details; Contact Details; Financial Details; Government IDs | https://www.futrli.com/privacy-policy/ ; https://www.futrli.com/gdpr-statement/
Float | UK | Identification Details; Contact Details; Financial Details; Government IDs | https://floatapp.com/privacy-policy
Satago | UK – EU | Identification Details; Contact Details; Financial Details; Government IDs | https://www.satago.com/legal/privacy
Receipt Bank | UK – EU | Identification Details; Contact Details; Financial Details; Government IDs | https://www.receipt-bank.com/privacy-policy-simple/ ; https://info.receipt-bank.com/receipt-bank-and-gdpr
The Peoples Pension | UK – EU | Identification Details; Contact Details; Financial Details; Government IDs | https://thepeoplespension.co.uk/privacy/#what-personal-data-do-the-trustee-and-bce-hold-about-you ; https://thepeoplespension.co.uk/help/question-category/about-the-peoples-pension/general-data-protection-regulation-gdpr/
BUPA | Bupa UK in the UK; Bupa Global – globally | Identification Details; Contact Details; Financial Details; Government IDs | https://www.bupa.co.uk/legal-notices/privacy-and-cookies ; https://www.bupaglobal.com/en/legal/privacy-notice
WestField Health | UK | Identification Details; Contact Details; Government IDs | https://www.westfieldhealth.com/trust/privacy-policy ; https://www.westfieldhealth.com/GDPR
SmartSearch | UK | Identification Details; Contact Details; Financial Details; Government IDs | https://www.smartsearchsecure.com/dpa
TaxShield | UK | Identification Details; Contact Details; Financial Details; Government IDs | https://www.taxshield.co.uk/privacy-policy
People HR | UK – EU | Identification Details; Contact Details; Financial Details; Government IDs | https://www.peoplehr.com/privacy.html ; https://www.peoplehr.com/gdpr.html
Autoentry | UK | Identification Details; Contact Details; Financial Details; Government IDs | https://www.autoentry.com/privacy-policy ; https://help.autoentry.com/articles/1376109-gdpr-compliance
Glide | | Identification Details; Contact Details | https://www.whatsglide.com/privacy-policy/ ; https://www.whatsglide.com/gdpr/

 

*Data Categories

The below is a breakdown of the data categories; not all of the items identified will be passed across for a given application.

For additional details please email privacy@ryecroftglenton.com.

Identification Details includes

  • Full name
  • Date of Birth

RG HR Only

  • NOK details
  • Holidays / sick etc.
  • Performance Reviews

Contact Details (Business or Personal)

  • Address
  • Email address
  • Telephone numbers

Financial Details

  • Salary
  • Pension
  • Shares / investments
  • Bank details

Government IDs.

  • NI number
  • PAYE Reference
  • Passport number
  • Unique Tax Reference (UTR)
  • NHS Number

IT Data

  • Computer Name
  • Computer IP Address
  • Websites Visited

c. subject to appropriate legal basis such as consent, our advertising and marketing partners who enable us, for example, to deliver personalised ads to your devices or who may contact you by post, email, telephone, SMS or by other means;

d. successor or partner legal entities, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event relating to our business. In the case of a merger or sale, your personal data will be permanently transferred to a successor company;

e. our clients and third parties as directed by our clients, where we process personal data as a data processor on behalf of our clients;

f. public authorities and professional bodies, such as law enforcement agencies, courts, ICAEW and other public bodies where we are required by law to do so; and

g. other third parties where you have provided your consent.

International transfer of your personal data

14. We may transfer your personal data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. Where this is the case, we will ensure that appropriate transfer mechanisms are in place to ensure an adequate level of data protection.

15. If we transfer personal data to private organisations abroad, such as our suppliers and service providers, we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisational, contractual or other lawful means.

Retention of personal data

16. We retain personal data for the minimum period necessary for the purposes listed above while ensuring we comply with the relevant UK legislation. On average, that period is no more than 7 years, however in certain circumstances we are required to keep data for longer periods [such as trust deeds].

17. We may keep an anonymised form of your personal data, which will no longer refer to you, to the extent that we have a legitimate and lawful interest in doing so.

18. We will retain personal data in accordance with our clients’ instructions where we act on their behalf as a data processor.

19. Where acting as a data processor, we will, at your request, securely return all personal data to you and, where it does not conflict with our legal obligations to retain data (para 21) or has been anonymised (para 22), securely destroy the personal data and any copies held by us or our 3rd parties in line with our data deletion policy.

Security of personal data

20. We will use and maintain appropriate technical and organisational information security measures to try to prevent unauthorised access to your personal data. However, please be aware that the transmission of information via the internet is never completely secure. Whilst we do our best to keep our own systems secure, we cannot control the whole of the internet and we cannot therefore guarantee the security of your information as it is transmitted to and from our website or offices.

21. We ensure that all personnel with access to personal data are

a) subject to a confidentiality agreement; and

b) only processing data in a manner permitted by the appropriate engagement letter.

22. Where you have created or received a password or authentication code which enables you to access certain parts of our website or online applications, you are responsible for keeping this password or authentication code confidential. We ask you not to share your password or authentication code with anyone.

23. Where we act as a data processor on behalf of a client we will assist in all audit requirements of said client, with their permission, pertaining to the personal data we hold while delivering our contractual obligations.

Data subject rights

24. Current UK Data Protection legislation, the Data Protection Act 2018 and the General Data Protection Regulation (2016/679) provide EU Citizens with numerous rights in relation to personal data. Where we process such data on behalf of another party, e.g. our client under contract, all requests in relation to those rights will be forwarded to the relevant client for them, as the data controller, to take the appropriate action. For further information about your data privacy rights please visit the website of your local data privacy authority.

a. Right to make a subject access request (SAR). Data subjects may request in writing copies of their personal data. However, compliance with such requests is subject to certain limitations and exemptions and the rights of other individuals. Each request should make clear that a SAR is being made and which client may hold said data. You will be required to submit proof of your identity and payment, where applicable.

b. Right to rectification. Data subjects may request that we rectify any inaccurate or incomplete personal data.

c. Right to withdraw consent. Data subjects may at any time withdraw their consent to the processing of their personal data carried out by us on the basis of their previous consent. Such withdrawal will not affect the lawfulness of processing based on such previous consent.

d. Right to object to processing including profiling. We will comply with valid objection requests unless we have a compelling overriding legitimate ground for the continuation of our processing or we have another lawful reason to refuse such a request. We will comply with each valid opt-out request in relation to marketing communications.

e. Rights in relation to automated decisions about you. Where we make a decision about you based solely on automated processing which significantly affects you, you will have the right to contest the decision, express your point of view and obtain human intervention.

f. Right to erasure. Data subjects may request that we erase their personal data. We will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping the personal data, such as our business record retention obligations that we have to comply with.

g. Restriction. Data subjects may request that we restrict our processing of their personal data in various circumstances. We will comply, unless there is a lawful reason for not doing so, such as a legal obligation to continue processing your personal data in a certain way.

h. Right to data portability. In certain circumstances, data subjects may request the controller to provide a copy of their personal data in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services. We do not consider that this right applies to our Website. However, to the extent it does, we will comply with such a transfer request. Please note that a transfer to another provider does not imply erasure of the data subject’s personal data which may still be retained for legitimate and lawful purposes.

i. Right to lodge a complaint with the supervisory authority. We suggest that you contact us or, where the data is provided by a client, the client about any questions or complaints in relation to how we process your personal data. However, you have the right to contact the relevant supervisory authority directly. A list of supervisory authorities is available here.

25. Where we act on behalf of our clients as a data processor, we will assist our client with the delivery of said rights.

26. Where we act as a data controller in relation to internal business obligations, we will notify you of each unlawful or unauthorised processing of your personal data or breach of security affecting personal data in accordance with GDPR Article 33(i) where the risk to you is high or very high.

Cookie Statement

27. What exactly are cookies? In order to collect the information including personal data as described in this Notice, we may use cookies and similar technology on our website. A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive, mobile phone or other device. Cookies can be first party, i.e. cookies that the website you are visiting places on your device, or third party cookies, i.e. cookies placed on your device through the website but by third parties, such as Google. For more information please visit www.allaboutcookies.org.

28. The cookies placed on our website. We use the following cookies on our website:

a. Strictly necessary cookies. These cookies are essential in order to enable you to move around our website and use its features. Without these cookies, the Website and related services you have asked for cannot be provided. They are deleted when you close the browser. These are first party cookies.

b. Performance cookies. These cookies collect information in an anonymous form about how visitors use our website. They allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it and the approximate regions that they are visiting from. These are first party cookies.

c. Functionality cookies. These cookies allow our website to remember choices you make (such as your user name, language or the region you are in, if applicable) and provide enhanced, more personal features. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. These are first party cookies.

d. Targeting or advertising cookies. These cookies allow us and our advertisers to deliver information more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of advertising campaigns. They remember that you have visited our website and may help us in compiling your profile. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion.

e. Social Media cookies. These cookies allow you to connect with social media networks such as Facebook, Twitter, LinkedIn and Google+. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion.

29. We may combine information from these types of cookies and technologies with information about you from other sources.

30. Cookie consent and opting out. By using our Website, we assume that you are happy for us to place cookies on your device. Most Internet browsers automatically accept cookies. However, if you, or another user of your device, wish to withdraw your consent at any time, you have the ability to accept or decline cookies by modifying your browser settings. If you choose to decline cookies, you may not be able to fully experience the interactive features of our Website and related services.

31. If you are based in Europe and cookies are active, when you arrive on our website a pop-up message will appear asking for your consent to place advertising cookies on your device. In order to provide your consent, please click ‘I understand’. Once your consent has been provided, this message will not appear again when you revisit. If you, or another user of your device, wish to withdraw your consent at any time, you can do so by altering your browser settings.

32. You may also opt-out from third party cookies by selecting appropriate options on http://www.youronlinechoices.com/uk/.